The current version of this malware does not support most of these features. It can only gain boot persistence, install a local certificate, and set up custom DNS server settings.

Taking into account the rest of the features, this could very well be a remote access trojan in the making, but currently, it can only be classified as a mere DNS hijacker.
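A defender can check for the DNS-hijacking behaviour described above by comparing a Mac's configured resolvers against the ones the network is supposed to hand out. The following is an added example, not code from the malware analysis or from Bleeping Computer; the allowlist, the sample `scutil --dns` output, and the function names are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `scutil --dns` output (not captured from an infected host).
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : corp.example
  nameserver[0] : 203.0.113.53
  nameserver[1] : 10.0.0.2
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : fe80::1%en0
  if_index : 4 (en0)
"""

# Assumed allowlist: the resolver networks this site expects to see.
EXPECTED = ["10.0.0.0/24", "fe80::/10"]

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$", re.M)

def configured_nameservers(scutil_output):
    """Return unique nameserver addresses in order of first appearance."""
    seen = []
    for raw in NAMESERVER_RE.findall(scutil_output):
        addr = ipaddress.ip_address(raw.split("%")[0])  # drop IPv6 zone id
        if addr not in seen:
            seen.append(addr)
    return seen

def unexpected_nameservers(scutil_output, expected_cidrs):
    """Return nameservers that fall outside every expected network."""
    nets = [ipaddress.ip_network(c) for c in expected_cidrs]
    return [str(a) for a in configured_nameservers(scutil_output)
            if not any(a.version == n.version and a in n for n in nets)]

if __name__ == "__main__":
    for ns in unexpected_nameservers(SAMPLE_SCUTIL_DNS, EXPECTED):
        print("unexpected DNS server:", ns)
```

On a live host, pass the real output of `scutil --dns` in place of the sample. The check covers only the DNS change, not the installed certificate.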

MaMi can evolve in the future

"OSX/MaMi isn't particularly advanced - but does alter infected systems in rather nasty and persistent ways," Wardle says. "By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle'ing traffic (perhaps to steal credentials, or inject ads)."

But Wardle fears the malware could evolve pretty quickly and might have more secrets hidden in its code.

"Perhaps in order for the [more intrusive] methods [taking screenshots, executing commands] to be executed or for the malware to be persisted, requires some attack-supplied input, or other preconditions that just weren't met in my VM. I'll keep digging!" Wardle said.

Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.